agenttesla | d709aab9b049d7b936c554f5a1d640af0ce17e3ae3fdd7323cfa286718d609e4 | Triage

Submit
Reports

Overview

overview

Static

static

Purchase O...et.exe

windows7_x64

Purchase O...et.exe

windows10-2004_x64

Sharing

General

Target

d709aab9b049d7b936c554f5a1d640af0ce17e3ae3fdd7323cfa286718d609e4
Size

499KB
Sample

220521-ny9xpshean
MD5

7cffb5b96c7700c96356126f9650e764
SHA1

5fdc8b365e408155a10533c5937bec77f2a208a4
SHA256

d709aab9b049d7b936c554f5a1d640af0ce17e3ae3fdd7323cfa286718d609e4
SHA512

6887a01fd377dcfa3d07e28438e218225804e687bd1cacefa002df2e1f1993e4b566b142a3e794cfd4d3270bccb95bdd91ca52223a7dfc781e7242b3b562b859

Score

10^/10

agenttesla collection evasion keylogger rezer0 spyware stealer trojan

Static task

static1

Behavioral task

behavioral1

Sample

Purchase Order Data Sheet.exe

Resource

win7-20220414-en

agenttesla collection evasion keylogger rezer0 spyware stealer trojan

windows7_x64

0 signatures

0 seconds

Behavioral task

behavioral2

Sample

Purchase Order Data Sheet.exe

Resource

win10v2004-20220414-en

agenttesla evasion keylogger spyware stealer trojan

windows10-2004_x64

0 signatures

0 seconds

Malware Config

Extracted

Family

agenttesla

Credentials

Protocol: smtp
Host:
mail.scandinavian-collection.com
Port:
587
Username:
may@scandinavian-collection.com
Password:
kR6d.DFet#7w

Targets

- Target
  
  Purchase Order Data Sheet.exe
- Size
  
  651KB
- MD5
  
  26b9a6cee367f28b277d48ade4e64a7a
- SHA1
  
  09b1cbd4c0a7c9e77466a823f5e471cd041f6067
- SHA256
  
  723497bec220b3ef0d45c5134403fd2ba23eef0673707cf1e74166b06365d308
- SHA512
  
  fe4de9e0c3fb24deb065442186094ccffc22003462a267d0de07feb5176659cb42874246db1c6f9b8d65895205594e00f23100ea208779a1235772c2c6c7aad1
Score

10^/10

agenttesla collection evasion keylogger rezer0 spyware stealer trojan
- AgentTesla
  Agent Tesla is a remote access tool (RAT) written in visual basic.
  keylogger trojan stealer spyware agenttesla
- Modifies Windows Defender Real-time Protection settings
  evasion trojan
- AgentTesla Payload
- ReZer0 packer
  Detects ReZer0, a packer with multiple versions used in various campaigns.
  rezer0
- Checks computer location settings
  Looks up country code configured in the registry, likely geofence.
- Windows security modification
  evasion trojan
- Accesses Microsoft Outlook profiles
  collection
- Suspicious use of SetThreadContext
behavioral1 behavioral2

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Scheduled Task

Persistence

Modify Existing Service

Scheduled Task

Privilege Escalation

Scheduled Task

Defense Evasion

Modify Registry

Disabling Security Tools

Credential Access

Discovery

Query Registry

System Information Discovery

Lateral Movement

Collection

Email Collection

Exfiltration

Command and Control

Impact

Tasks

static1

behavioral1

agentteslacollectionevasionkeyloggerrezer0spywarestealertrojan

behavioral2

agentteslaevasionkeyloggerspywarestealertrojan

© 2018-2024

Terms | Privacy